Europe’s new data privacy law has put a small army of tech firms that track people online in jeopardy and is strengthening the hand of giants such as Google and Facebook in the $200 billion global digital advertising industry.
The General Data Protection Regulation (GDPR here) brought in by the European Union in May is designed to protect personal information in the age of the internet and requires websites to seek consent to use personal data, among other measures.
The ability to track internet users has attracted hundreds of companies that harvest and crunch user data from websites – with or without the consent of the site owner – to form very specific individual consumer profiles.
GDPR poses a challenge to those groups because they all need consent to use the data. While sites often request consent on behalf of the ad tech firms they use directly, uncertainty over whether every link in the supply chain is GDPR-compliant is pushing some to leave Europe altogether.
Concerns about GDPR should, however, benefit Alphabet’s Google and Facebook as their loyal customers are more likely to give consent to carry on using sites, allowing the U.S. giants to keep amassing and analyzing vast amounts of GDPR-compliant data that advertisers will pay to use.
Big publishers such as national newspapers are also likely to keep their readers and believe they can benefit by eventually charging advertisers more for online slots in the knowledge they are compliant with the new EU rules.
From a standing start nearly 30 years ago, the internet has become the largest advertising medium in the world because it allows firms to target consumers with ads based on anything from their browsing history, comments, spending power to location.
Within the tangled ecosystem are multiple firms that help brands and ad agencies connect to sites that fund content with targeted ads. For every dollar spent by an advertiser, about half may go to ad tech groups, according to industry estimates.
When an internet user pulls up a page multiple bid requests are sent into the advertising ecosystem touting facts about the person such as demographics and interests, as well as the nature of the site they are viewing.
That personal data can then pass through a dozen or more ad tech firms before a company or ad agency bids at an auction for space on the website and an advert is loaded. It is that spread of personal data that risks breaking the new EU privacy law.
For example, a firm that provides ads for a website viewed on a mobile phone may use other partners not included in the compliance chain to provide information about a user’s location.
That doubt about compliance is threatening the myriad ad tech middlemen and is also prompting advertisers and publishers to rethink how they share their user data.
Facebook lost about 1 million European monthly active users after GDPR and it said a desire by some users to avoid targeted ads is likely to lead to a modest revenue hit.
In response to GDPR, it has asked advertisers to certify they have the proper consent to use any data from third-party brokers, potentially shedding itself of some liability.
Google is also requiring publishers to secure consent when using its ad products on their properties. Marketers and partners also need to now use more of Google’s own services.
It has stopped providing easy access to lists that helped companies evaluate the success of their ads by showing which users clicked on them. Advertisers must now use Google’s Ads Data Hub application to measure the effectiveness of campaigns.